Who is Kirils?
I am an IT security expert and lead researcher at Possible Security. My areas of expertise include network flow analysis, reverse engineering, social engineering, penetration testing, security incident investigation, and the legal dimension of cyber security and cyber defence.
My passion is contributing to improving security of both national and international information systems by taking part in the responsible disclosure process.
My opinion on cyber and other interesting things: @k@chaos.social, @k@masts.lv
What is this?
The table below allows you to get a glimpse of my public research, presentations and talks.
Please note: page was last updated 20NOV2024.
Find more stuff in my GitHub repositories! Looking for 2003-2013 archive on Skype protocol research and analysis?
Looks cool. Let's meet!
You can invite me to speak at your event by dropping your request to speaker [at] kirils.org!
I do not ask for remuneration, if your event is non-commercial and does not charge a participation fee.
Did you know that I also do hosting and moderating?Get in touch with me about other matters: research [at] kirils.org
| Subject | Date | Language and title (mouse-over for abstract) | Event (country) | Materials | |||
|---|---|---|---|---|---|---|---|
| 2024 | |||||||
| NET | 05DEC |  Remotely snooping on traffic patterns using network protocols |
CyberBazaar  |
||||
| NET | 22NOV | Remotely snooping on traffic patterns using network protocols |
DeepSec IDSC 2024  |
coming soon | |||
| SECURITY, LEGAL | 19NOV | Cyber security implementation practices, compliance and legal considerations in the field of cyber security |
Tehnoloģiju transformācija |
new! slides | more | ||
| SECURITY | 03NOV | So you're interested in social engineering? The very first steps |
OpenFest  |
new! slides | |||
| GSM, VULN | 02NOV | MITM on PSTN – novel methods for intercepting phone calls |
OpenFest |
coming soon | |||
| NET | 26OCT | Remotely snooping on traffic patterns using network protocols |
BSides Berlin  |
new! slides | |||
| SECURITY | 03OCT | DNS on steroids |
Cyberchess 2024 |
new! slides | coming soon | ||
| NET | 21SEP | Remotely snooping on traffic patterns using network protocols |
BalCCon2k24  |
new! slides | coming soon | ||
| NET | 06SEP | Remotely snooping on traffic patterns using network protocols |
AlligatorCon Europe 2024  |
||||
| SECURITY | 30APR | What every business should know about cyberrisks |
LTRK biedru seminārs |
new! video | |||
| SECURITY | 19APR | The Evolution of Cyber Threats: From Network Attacks to Advanced AI Exploits |
Tech and startup event TechChill |
new! video | more | ||
| PRIVACY | 26MAR | Anonymous identity online |
Smart-ID izstrādātāju brokastis |
new! slides | new! video | ||
| SECURITY, LEGAL | 13MAR | Cyber security implementation practices, compliance and legal considerations in the field of cyber security |
Tehnoloģiju transformācija |
new! slides | more | ||
| 2023 | |||||||
| GSM, VULN | 12DEC | MITM attacks on the public switched telephone network |
Esi drošs |
slides | new! video | more | |
| GSM, VULN | 24NOV | MITM on PSTN – novel methods for intercepting phone calls |
DefCamp  |
slides | new! video | more | |
| PRIVACY | 02NOV | Privacy vs Quantum: a false dichotomy |
SK Annual Conference  |
video | more | ||
| PRIVACY | 21OCT | NOTH1NG T0 HID3 (v9) |
Computer Security Conference "No Hat"  |
slides | more | ||
| PRIVACY | 14OCT | NOTH1NG T0 HID3 (v8) |
Hackfest 2023 - Back to the Future  |
slides | new! video | more | |
| GSM, VULN | 13OCT | MITM on PSTN – novel methods for intercepting phone calls |
Hackfest 2023 - Back to the Future |
slides | new! video | more | |
| SECURITY | 28SEP | Cyberreality of Latvia |
Kibernakts'23 |
slides | video | more | |
| GSM, VULN | 23SEP | MITM on PSTN – novel methods for intercepting phone calls |
Nullcon  |
video | coming soon | ||
| SECURITY | 10SEP | MITM on PSTN – novel methods for intercepting phone calls |
BalCCon2k23 |
video | more | ||
| SECURITY | 16AUG | So you're interested in social engineering? The very first steps |
Chaos Communication Camp 2023 |
slides | video | more | |
| GSM, VULN | 15JUN | MITM on PSTN – a novel method for intercepting phone calls |
TyphoonCon  |
slides | more | ||
| PRIVACY | 05JUN | NOTH1NG T0 HID3: how to hack privacy (v7) |
HackCodeX |
more | |||
| SECURITY | 25MAY | Trenches on the digital front |
Sarunu festivāls "Lampa" |
video | more | ||
| POLICY | 19MAY | The strengths & weaknesses of the known tools for circumventing digital censorship |
INTERNET WITHOUT BORDERS Conference and Hackathon against cyber censorship |
on demand | more | ||
| VISION | 12MAY | Democracy and security |
Demokrātijas akadēmija. Ar skatu nākotnē. |
new! video | more | ||
| SECURITY | 11MAY | What every business should know about cyber security: practical tips and advice |
SORAINEN vebinārs "Apdrošināšana pret kiberuzbrukumiem" |
slides | video | more | |
| AI, SECURITY | 27APR | Securing the Future: Balancing Cybersecurity and Innovation |
Tech and startup event TechChill |
video | more | ||
| SECURITY | 30MAR | Usage of mobile devices in high-risk conditions |
Esi drošs |
slides | video | more | |
| 2022 | |||||||
| VISION | 02DEC | IT (in)security |
Celtspēja |
slides | more | ||
| SECURITY | 01DEC | Cybersecurity: Trends and challenges for financial service providers |
Fintech Latvia Breakfast |
video | |||
| HW | 30NOV | WearSec: Towards Automated Security Evaluation of Wireless Wearable Devices |
NordSec 2022  |
paper | more | ||
| SECURITY | 26OCT | Getting Physical: Meet Local Hackers Near $AREA |
CyberShield 2022 |
slides | |||
| SECURITY | 26OCT | Everyday social-engineering in the Baltics |
CyberShield 2022 |
slides | |||
| SECURITY | 25SEP | Screaming into the void: All e-signatures in the world are broken! |
BalCCon2k22 |
video | |||
| VISION | 23SEP | There once was a "we" in "web" |
BalCCon2k22 |
slides | video | ||
| SECURITY | 09JUN | Data protection and cybersecurity challenges in the provision of remote services |
Pārmaiņu paātrinājums |
on demand | more | ||
| MILITARY | 25JUL | The War in Ukraine: Cyberfront |
MCH2022: May Contain Hackers  |
video | |||
| SECURITY | 23JUL | Screaming into the void: All e-signatures in the world are broken! |
MCH2022: May Contain Hackers |
slides | video | ||
| SECURITY | 02JUN | Cyber-resilience as a Pillar |
15th Annual Scientific Baltic Business Management Conference |
video | more | ||
| PRIVACY | 13MAY | Friends o̶r̶ and privacy |
RTU Karjeras izaugsmes festivāls SOLIS 2022 |
more | |||
| HACKING | 29APR | Whitehacking: Being on the Right Side of History |
Tech and startup event TechChill |
video | more | ||
| 2021 | |||||||
| VISION | 21AUG | Cryptocurrencies and money laundering. How to prevent these crimes? |
Sarunu festivāls "Lampa" |
video | more | ||
| ENERGY | 29JAN | Improvement of smart building management systems' functional capability for the increase of energy efficiency and thermal comfort |
paper | slides | |||
| 2020 | |||||||
| PRIVACY | 16APR | NOTH1NG T0 HID3 [exclusively for SWG] |
|||||
| PRIVACY | 14FEB | NOTH1NG T0 HID3 (v5) |
Disobey  |
video | |||
| PRIVACY | 11FEB | On Privacy |
SkeptiCafe |
video | |||
| 2019 | |||||||
| PRIVACY | 28DEC | NOTH1NG T0 HID3: go out and fix privacy! (v4) |
36C3 "Resource Exhaustion" |
slides | video | ||
| RF, REVENG | 30NOV | Security alarm system — feeling of security or cause for alarm? |
SigSegV2  |
||||
| VISION | 21NOV | Patches will fail us. The future of IT defence. |
IRISSCON2019  |
video | |||
| SECURITY | 03NOV | The leak of billions of passwords |
OpenFest |
slides | video | ||
| PRIVACY | 01NOV | NOTH1NG T0 HID3 (v3) |
Investigative Film Festival Skopje  |
||||
| PRIVACY | 25OCT | NOTH1NG T0 HID3: Should we fix privacy? (v2) |
PrivacyWeek |
slides | video | ||
| NET | 03OCT | All the Animals are sad in the Zoo |
ISACA/CERT.LV "Cyberchess 2019" |
slides | video | ||
| PRIVACY | 15SEP | NOTH1NG T0 HID3: Should we fix privacy? (v1) |
BalCCon2k19 |
slides | video | ||
| SECURITY | 13SEP | The leak of billions of passwords |
BalCCon2k19 |
slides | video | ||
| REVENG | 07SEP | r2lrn - Your Personal Interactive Teacher |
r2con 2019  |
slides | video | more | |
| PRIVACY | 17AUG | Toll of personal privacy in 2019 |
AlligatorCon Europe 2019  |
more | |||
| SECURITY, REVENG | 19JUN | Quickstart: RouterOS jailbreaking and security research |
Hack In Paris |
slides | more | ||
| SECURITY, REVENG | 13JUN | RouterOS vulnerabilities and malware campaigns |
TyphoonCon |
slides | |||
| SECURITY | 03JUN | Analysis of the "10 billion" aka Collection #1 password leak |
CONFidence |
video | more | ||
| PRIVACY | 28MAY | Toll of personal privacy in 2018 |
DevClub Tallinn (72nd) |
video | |||
| SECURITY | 23MAY | So what if I don't renew my domain name? |
.LV Registrars' conference |
on demand | more | ||
| SECURITY | 08MAY | You* will get hacked |
infoShare |
video | |||
| LOBBYING | 30MAR | TRUTH |
Studentijas Akadēmija IV |
slides | more | ||
| SECURITY | 23MAR | Analysis of the "10 billion" aka Collection #1 password leak |
Le Tour Du Hack  |
video | more | ||
| RF, REVENG | 02MAR | Security alarm system — feeling of security or cause for alarm? |
Nullcon |
slides | video | more | |
| SECURITY, PRIVACY | 21FEB | On Cybersecurity and Privacy |
video | ||||
| VISION | 12FEB | How cyberwar can be defeated |
CyberNorth Warm Up @Riga |
video | more | ||
| SECURITY | 29JAN | Exclusive interview with a white-hat hacker |
TVNET |
video | more | ||
| 2018 | |||||||
| PRIVACY | 27DEC | Toll of personal privacy in 2018 |
35C3 "Refreshing memories" |
slides | video | ||
| SECURITY | 06DEC | So what if I don't renew my domain name? |
Esi drošs |
slides | video | more | |
| HW, SECURITY | 01DEC | The state of MikroTik security. An overview. |
SigSegV1 |
slides | video | ||
| HW, REVENG | 28NOV | Horror on the bus: Hacking COMBUS in a Paradox security system |
Hack In The Box Dubai  |
slides | video | ||
| HW, REVENG | 16NOV | How reversing the COMBUS protocol resulted in breaking security of a security system |
IT-SECX |
slides | video | ||
| HW, REVENG | 02NOV | Horror on the bus: Hacking COMBUS in a Paradox security system |
Hackfest "Decade" |
slides | video | ||
| SECURITY | 10OCT | The state of MikroTik security. An overview. |
HackIT 4.0  |
slides | |||
| PRIVACY | 15SEP | Toll of personal privacy in 2018 |
BalCCon2k18 |
slides | video | ||
| SECURITY | 14SEP | Impact of domain name drop-catching on business security |
BalCCon2k18 |
slides | video | ||
| SECURITY | 15AUG | IT security. This is where we are… Where are we going with this? |
Swedbank Seedtalks |
slides | more | ||
| RFID | 20JUL | RFID attacks and Proxmark hands-on |
FSec IoT Hacking Summer School  |
slides | more | ||
| NET | 20JUL | Live network forensics and reversing network protocols |
FSec IoT Hacking Summer School |
slides | more | ||
| REVENG | 10JUL | Reverse engineering basics |
DevClub Tallinn (62nd) |
slides | video | ||
| WEB | 15JUN | JavaScript security: a retrospective |
FrontCon |
slides | video | ||
| SECURITY | 17MAY | Wash your hands before using a computer! |
ELKO MeetUP 2018 |
video | |||
| POLICY | 20APR | Domain name take down and blocking trends in the Baltics |
Baltic Domain Days |
slides | more | ||
| LEGAL | 19APR | Should the registries and registrars be responsible for the content on the internet? |
Baltic Domain Days |
more | |||
| SECURITY | 22MAR | OPSEC and defense against social engineering |
Security focused DevClub Riga (64th) |
slides | video | more | |
| 2017 | |||||||
| POLICY | 01DEC | Should anonymous comments be allowed on the internet? |
QUO Tu domā? |
video | |||
| LOBBYING | 05NOV | Your Voice in the Government (the non-partisan way) |
OpenFest |
slides | video | ||
| HW, REVENG | 21OCT | Tools for effortless reverse engineering of MikroTik routers |
Hacktivity |
slides | video | more | |
| POLICY | 05OCT | Online censorship and its security impact |
ISACA/CERT.LV "Cyberchess 2017" |
slides | video | more | |
| VISION | 27SEP | Cybersecurity challenges of the past & the future |
Visit of Prime Minister of The Republic of Latvia to the Kingdom on the Netherlands |
slides | |||
| HW | 15SEP | A deeper journey into MikroTik routers |
BalCCon2k17 |
slides | video | more | |
| HW | 06AUG | Rooting the MikroTik routers |
SHA2017: Still Hacking Anyway |
slides | video | more | |
| NET | 05AUG | Network concepts introduction & wireshark workshop |
SHA2017: Still Hacking Anyway |
slides | video | more | |
| SECURITY | 30JUN | The digital age. Will you be able to safeguard your data? |
Sarunu festivāls "Lampa" |
slides | more | ||
| POLICY | 29JUN | Copyright is not keeping up with our runaway culture |
paper | ||||
| CRYPTO | 30MAY | How they SHAttered Latvian eID |
CERT-EE Symposium 2017 |
||||
| SECURITY | 06APR | Social networks — an attack vector |
Esi drošs |
slides | video | more | |
| NET | 28MAR | Internet of Things: risks, tips, future |
Digital Security Day |
slides | video | more | |
| SECURITY | 20FEB | Operation "Hackers' Wonders" |
"Aizliegtais paņēmiens" |
video | |||
| 2016 | |||||||
| WEB | 30DEC | A visual story about JavaScript |
33C3 "Works for me" |
slides | video | ||
| NET | 28DEC | SIPSA anonymization protocol |
33C3 "Works for me" |
slides | |||
| NET | 27DEC | Network concepts introduction & wireshark workshop |
33C3 "Works for me" |
slides | |||
| NET | 15OCT | The theory behind SIPSA anonymization protocol |
Joint Estonian-Latvian Theory Days |
slides | |||
| RDP, POLICY | 06OCT | Legal, technical and coordination challenges of the responsible disclosure process |
ISACA/CERT.LV "Cyberchess 2016" |
video | more | ||
| RDP, VULN | 06OCT | Responsible disclosure process – vulnerabilities of IP security cameras |
ISACA/CERT.LV "Cyberchess 2016" |
slides | video | more | |
| SECURITY | 01OCT | Security audit process of a WordPress instance |
WordCamp Riga |
slides | video | ||
| NET | 09SEP | SIPSA — One step closer to real anonymity on the internet |
BalCCon2k16 |
slides | video | more | |
| SECURITY | 01SEP | History and contemporary challenges of IT security research |
slides | ||||
| RDP | 31MAY | Responsibly fixing cross-border hardware vulnerabilities |
CERT-EE Symposium 2016 |
slides | |||
| 2015 | |||||||
| RDP, POLICY | 11OCT | Responsible vulnerability disclosure policy: steps for initial engagement of the target audiences |
paper | ||||
| POLICY | 28JUL | Regulation No 442 of the Cabinet of Ministers of the Republic of Latvia "Procedures for ensuring information and communication technology system compliance to the minimal security requirements" |
“Latvijas Vēstnesis”, the official publisher of the Republic of Latvia |
paper | |||
| POLICY | 29APR | Amendments to the Law On the Security of Information Technologies: safer environment and additional requirements |
Esi drošs-2 |
slides | |||
| 2014 | |||||||
| POLICY | 16OCT | Security challenges of Latvian ICT during the EU presidency |
ISACA/CERT.LV annual conference |
slides | video | ||
| VULN | 02OCT | Security problem in "Rīgas Satiksme" ticketing system "E-talons" |
on demand | more | |||
| TLS | 22APR | TLS and Heartbleed |
IT drošības specseminārs |
slides | |||
| VULN | 16APR | Vulnerabilities of e-maks.lv |
on demand | more | |||
| RFID | 18FEB | RFID |
IT drošības specseminārs |
slides | |||
| LINUX | 25JAN | ddwrt-nvram-tool |
more | ||||
| 2013 | |||||||
| VULN | 13NOV | Deficiency in the Invalid Document Register |
on demand | more | |||
| VULN | 04NOV | Interesting "function" within Swedbank mobile app |
on demand | more | |||
| VULN | 23OCT | The practical side of IT security in Latvia |
ISACA/CERT.LV annual conference |
slides | video | ||
| GSM | 08AUG | Security of mobile phone communications |
CERT.LV Drošības ekspertu grupa |
slides | |||
| SECURITY | 08AUG | Analysis of Magneto malware incident |
CERT.LV Drošības ekspertu grupa |
slides | |||
| POLICY | 06AUG | E-governance. Security. Thought experiments. |
LU un LMT Datorzinātņu dienas |
slides | video | ||
| NET | 08APR | Attacking wireless network clients using MITM |
slides | ||||
| NET | 08APR | Technologies of the internet |
slides | ||||
| NET | 13JAN | webservertools |
more | ||||
| MAGSTRIPE | 05JAN | libMSRx05 |
more | ||||
| RFID | 05JAN | libCRx0x |
more | ||||
| 2011 | |||||||
| SECURITY | 10AUG | Security on the internet |
LU un LMT Datorzinātņu dienas |
slides | |||
| VOIP | 01JUN | Improvement of jitter-buffer management algorithm for time-critical traffic |
paper | slides | |||
| 2010 | |||||||
| LEGAL | 29DEC | Skype's Bag of Legal Tricks |
27C3 "We come in peace" |
slides | video | ||
| 2009 | |||||||
| GSM, AI | 11JUN | SMS system "sms.id.lv" |
paper | slides | |||
| 2008 | |||||||
| AI | 19JUN | Visualisation of action plans |
paper | slides | |||
| 2007 | |||||||
| NET | 12JUN | Modernisation of the computer network at Riga State Gymnasium No. 1 |
on demand | slides | |||
| 2006 | |||||||
| CRYPTO | 13DEC | Description of SASH-1280 |
paper | ||||
| LINUX | 19APR | Linux command line interface – the console |
paper | ||||